Hi All, We are getting the below mentioned message while trying to enable or disable the Splunk-Add-on for check point OPSEC LEA (linux). While searching for the data from the index=net_f sourcetype=opsec we get no result found, it happened suddenly not sure what exactly we need to do for rectifying this problem.
SPLUNK VERSION : 6.2.1
splunkweb --> App --> Splunk-Add-on for check point OPSEC LEA--> Connection-->Manage connection
In handler 'script': Parameter index: No currently active index 'net_f'. It is either not yet loaded, disabled, misconfigured, or not defined.
Kindly guide us in getting this issue fixed.
Hemnaath, Have you found solution for this issue?
Hi All, Can anyone help us in getting this issue fixed, as we could see data being stopped indexing from sourcetype=opsec from yesterday and not sure about the exact problem causing this issue.
Kindly let guide us in troubleshoot this issue.
thanks in advance.
Hi All, Can anyone guide us in fixing the above mentioned issue and when checked in to OPSEC_Watchdog.log, we could see the below message.
2017-03-05 10:59:20,548 INFO 1688 139958523827968 process exited normally
2017-03-05 10:59:23,361 INFO 2835 140297693193984 Starting exec: ./lea_loggrabber
2017-03-05 10:59:23,631 INFO 2835 140297693193984 process crashed (1), restarting
2017-03-05 10:59:28,903 INFO 7755 140402351773440 Starting exec: ./lea_loggrabber
2017-03-05 10:59:28,957 INFO 27083 140187540715264 Starting exec: ./lea_loggrabber
2017-03-05 10:59:28,968 INFO 15517 140587990456064 Starting exec: ./lea_loggrabber
2017-03-05 10:59:29,110 INFO 7755 140402351773440 process crashed (1), restarting
2017-03-05 10:59:29,186 INFO 27083 140187540715264 process crashed (1), restarting
2017-03-05 10:59:29,255 INFO 15517 140587990456064 process crashed (1), restarting
kindly guide us in fixing this issue
thanks in advance.